Installing and Using the OpenSSH Utilities

Installation

Installation of the OpenSSH utilities can only be performed by your Unix systems administrator, and is dependent upon the target Unix system. Installation instructions, source code, and precompiled binaries for a variety of Unix systems can be found at http://www.openssh.com/portable.html

The following usage instructions are based upon the existence of a properly installed OpenSSH subsystem.

Configuration and Use

This section describes the configuration and use of the OpenSSH sftp client. Sftp uses a set of commands similar to those found in normal Internet FTP. Two utilities will be used in this section: ssh-keygen, to create your public and private keys, and sftp, to upload your public key to the PCT-EDI server.

Log in to your local Unix machine and create a directory named ".ssh". Change to that directory. You must be in the ".ssh" directory when executing the next commands.

Enter the command "ssh-keygen -b 1024 -t dsa" to generate an OpenSSH-format 1024-bit DSA key. You will be prompted for a file in which to save the key. Enter the account name for your Office. When key generation is complete, you will be prompted to enter a passphrase. If this account will be used for non-interactive applications (such as automated scripts and downloading), press "Enter". Otherwise, if the account will be used by humans, enter a good passphrase (at least 8 characters, with letters, numbers and punctuation marks) when prompted. You will be prompted for this passphrase whenever you use this key. The passphrase is never sent to the remote machine. The following examples assume the existence of a passphrase.

This key pair (xx and xx.pub) is suitable for all OpenSSH applications.

The International Bureau uses the commercial Tectia SSH server, which uses public keys in the newer SECSH Public Key format. It is now necessary to convert your xx.pub public key into this format. Type "ssh-keygen -e -f xx.pub > xx-p.pub", where "xx" is your account name. This will copy your xx.pub public key file to xx-p.pub, converting it to the SECSH format.

Retain both public keys. You are now finished with the "ssh-keygen" application.
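
The conversion step above leaves two public key files with similar names, and only the SECSH-format one is meant for upload. The following is an added example, not part of the original instructions: a shell check that tells the one-line OpenSSH format apart from the SECSH (RFC 4716) layout. The function names key_format and ready_for_upload are hypothetical, and the sample files are constructed with placeholder base64 rather than real keys.

```shell
#!/bin/sh
# Added example: classify a public key file before "put" so that the
# one-line OpenSSH file is not uploaded where SECSH format is expected.
# Checks layout only; it does not decode or validate the key material.

key_format() {   # prints: secsh | openssh | unknown
    awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    NR == 1 {
        if ($0 == "---- BEGIN SSH2 PUBLIC KEY ----") state = "hdr"
        else if ($0 ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+\/=]+( .*)?$/) state = "one"
        else state = "bad"
        next
    }
    state == "one" { if ($0 != "") state = "bad"; next }
    state == "hdr" {                        # "Tag: value" headers; trailing backslash continues
        if (cont || $0 ~ /^[A-Za-z0-9-]+: /) { cont = ($0 ~ /\\$/); next }
        state = "body"
    }
    state == "body" {                       # base64 lines, at most 72 characters each
        if ($0 == "---- END SSH2 PUBLIC KEY ----") state = "end"
        else if (length($0) > 72 || $0 !~ /^[A-Za-z0-9+\/=]+$/) state = "bad"
        else body++
        next
    }
    state == "end" && $0 != "" { state = "bad" }
    END {
        if (state == "end" && body > 0) print "secsh"
        else if (state == "one") print "openssh"
        else print "unknown"
    }' "$1"
}

ready_for_upload() {   # exit status 0 only for a SECSH-format file
    [ "$(key_format "$1")" = "secsh" ]
}

# Constructed sample files (placeholder base64, not real keys).
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAPlaceholder xx@localhost' > "$demo/xx.pub"
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
    'Comment: "1024-bit DSA, converted by xx@localhost from OpenSSH"' \
    'AAAAB3NzaC1kc3MAAACBAPlaceholderPlaceholderPlaceholderPlaceholder' \
    '---- END SSH2 PUBLIC KEY ----' > "$demo/xx-p.pub"

for f in xx.pub xx-p.pub; do
    printf '%s: %s\n' "$f" "$(key_format "$demo/$f")"
done
```

Running ready_for_upload on "xx-p.pub" before the "put" step catches the case where the unconverted "xx.pub" would be sent instead.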

Now, you must upload your SECSH-format public key to the PCT-EDI server. To initiate a password-based SFTP connection with the PCT-EDI server, enter the command "sftp xx@pctftp.wipo.int". This instructs the "sftp" client to open a connection to the server using "xx" as the account name.

You will be prompted to accept the authenticity of the pctftp.wipo.int PCT-EDI server. Type "yes". You will next be prompted for a PASSCODE. This is not your passphrase from the step above. Instead, this prompt is for International Bureau personnel to log in using a secure token for remote access. Simply press "Enter". You will be prompted 3 times. After 3 prompts, you will be asked for a password. Enter the password assigned to you by the International Bureau.

You must now switch to the ".ssh2" directory on the PCT-EDI server. If you type ".ssh" by mistake, you will see an error message as in the example below. Once in the ".ssh2" directory, you must upload your "xx-p.pub" public key, renaming it "xx.pub" as you do so. Type "put xx-p.pub xx.pub".

The PCT-EDI server is now properly configured. The pre-existing "authorization" file directs the PCT-EDI SFTP server to use the file xx.pub as your public key. You are now ready to configure your local OpenSSH parameters. Exit the "sftp" program by typing "exit" at the "sftp>" prompt.

Ensure that you are in the ".ssh" directory by using the "pwd" command. You will now create your OpenSSH configuration file. Use your favorite Unix text editor to create the file "config" containing the line (without quotes) "IdentityFile ~/.ssh/xx". This will cause your private key "xx" to be used to identify yourself to the PCT-EDI server. After creating this file, type "sftp xx@pctftp.wipo.int". If you assigned a passphrase to your private key, you will be prompted for it. Then, you will be logged into your account on the PCT-EDI server.

The example below shows the existence of the "config" file, the results of connecting to the server, and a listing of the "xx" account directory space on the PCT-EDI server.

You have completed the configuration for both your remote PCT-EDI Office account and the OpenSSH utilities that may be accessed through your personal, local account.